On 6 April 2016 the Council of the European Union has finally published what will most likely be the final text of the General Data Protection Regulation (GDPR), now translated in all the official languages of the EU.

After a political agreement was reached in December on what has become known as one of the most heavily lobbied texts in the history of the European Union, it took more than three months for linguists and legal experts to translate the final version of the 261-page Regulation.

Finally, in an attempt to keep up with the initial deadline for final adoption of the text, the Council has decided to adopt its position via an exceptionally short written procedure, which ends today, 8 April 2016.

What's next

■ The text of the regulation will be sent to the European Parliament where it will first be approved by the Civil Liberties, Justice and Home Affairs (LIBE) committee in an extraordinary session

■ Subsequently, it will be adopted in plenary on 14 April 2016

■ It will then be published in the Official Journal of the European Union (OJEU)

■ 20 days after the date of publication in the OJEU, the Regulation will enter into force

■ Exactly 2 years after the date of its entry into force, the Regulation will apply

This, however, is not the end of the journey for the stakeholders involved. On the contrary, now the implementation phase starts: a period in which companies will have to ensure that their organisations will comply with the new set of rules by the time in which the Regulation will enter into force, in the second quarter of 2018.

National Data Protection Authorities, as well as the Article 29 Working Party and the European Data Protection Supervisor will be issuing guidelines and opinions in the next months, to assist organisations in their preparation.

The approval of the GDPR is also a necessary step before the upcoming revision of the ePrivacy Directive, which will have to be aligned to the provisions in the new Regulation.